Re: [Tm-rid] HHIT trust proof for Auth messages
"Wiethuechter, Adam" <adam.wiethuechter@axenterprize.com> Tue, 01 October 2019 16:12 UTC
Return-Path: <adam.wiethuechter@axenterprize.com>
X-Original-To: tm-rid@ietfa.amsl.com
Delivered-To: tm-rid@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E90E120885 for <tm-rid@ietfa.amsl.com>; Tue, 1 Oct 2019 09:12:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=axenterprize.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N2rUf5APptqQ for <tm-rid@ietfa.amsl.com>; Tue, 1 Oct 2019 09:12:44 -0700 (PDT)
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com [IPv6:2607:f8b0:4864:20::82c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94209120970 for <tm-rid@ietf.org>; Tue, 1 Oct 2019 09:12:44 -0700 (PDT)
Received: by mail-qt1-x82c.google.com with SMTP id o12so22333494qtf.3 for <tm-rid@ietf.org>; Tue, 01 Oct 2019 09:12:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axenterprize.com; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=chxVxuP4Krt+TEmy0IDlN3g1YO4GiqIg2vIehVp1xIo=; b=okYc1ml+8n+LSPWj32N7gIPiI0ViWPaJNAEFEQaccgzmhya/20A4Lay1VzSAm7oKTd UuPs0n+0TSd5G6Orm7hbzAL+qGRWtOGpJZLtTLLiIRxQgV9KHHtpgyXZw44qBR0NxzHM 2+SmAtK8a6DXis7mxr2LPxCkIrMqKp64/OXAM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=chxVxuP4Krt+TEmy0IDlN3g1YO4GiqIg2vIehVp1xIo=; b=M2ihprCa21p4GahQpOx2bEt/XG8sadFyObync2q2xutTUluzgmMt82mZcRSl5oHJ8m ZnV9UpEBZGsSmGZQK4nDWchIt8T1UxjwBEPjwbeIIuvnxEBc6fT+/3zdkP0JN0cpzCu4 J/vWSxHENwyJ6WLPmQlRhIbanh0shUrVkL5SeDWu6krZBTGSiMiIUD85aMOAGpepE0Mj GlfWMWycMLyzcgh3edm99DXRLrmpRYKIUiwGptQ6AyJFCssMeKllArkcz6V01dD8ToiH O8mlovoE6F4oUXWfmBWVntDeFnh5FCj7Dvgv9TRIhTvcwVVwCsT8UBJSyv/d3oDlUyMn l1tg==
X-Gm-Message-State: APjAAAVGalsu04E7N7naWRv93NwLzfDAYTDx8zH3N+xbTbm2qY5uOItj Yf8DIKOvF8qVVPE3+LTiVHhzcTUrX1K8sN1/+/RS6AY=
X-Google-Smtp-Source: APXvYqw7FR62ckjduwrGnYxKoZX/QTifaFpPy4O8MVxIdGBGUd1J6qSapQJCLRNPybX8coTFWG4z4Xp+kAWdOI/dRP0=
X-Received: by 2002:ac8:7401:: with SMTP id p1mr30830732qtq.141.1569946363427; Tue, 01 Oct 2019 09:12:43 -0700 (PDT)
MIME-Version: 1.0
References: <c8342d06-203f-6f51-d227-12501a291fc7@labs.htt-consult.com>
In-Reply-To: <c8342d06-203f-6f51-d227-12501a291fc7@labs.htt-consult.com>
From: "Wiethuechter, Adam" <adam.wiethuechter@axenterprize.com>
Date: Tue, 01 Oct 2019 12:12:28 -0400
Message-ID: <CA+r8TqVNVOOCAipmTN5BqH3UGnpezsL748iLWnc7Ra=rVtD9sg@mail.gmail.com>
To: Robert Moskowitz <rgm@labs.htt-consult.com>
Cc: "tm-rid@ietf.org" <tm-rid@ietf.org>
Content-Type: multipart/mixed; boundary="0000000000004f30a50593db9fb1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tm-rid/mwos_05gaziFpA3M8btG4_mWSCs>
Subject: Re: [Tm-rid] HHIT trust proof for Auth messages
X-BeenThere: tm-rid@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Trustworthy Multipurpose RemoteID <tm-rid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tm-rid/>
List-Post: <mailto:tm-rid@ietf.org>
List-Help: <mailto:tm-rid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tm-rid>, <mailto:tm-rid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2019 16:12:47 -0000
All, Attached is a mock up of what Bob has here just in the new 0.8 version of the authentication message. There is a 23 byte payload limit or 25 bytes if we remove the reserved bytes and condense. I am unwilling to do this though as then the HHIT or Trust Timestamp fields would be fragmented across pages. Its already bad enough that the Trusted Timestamp and standard Timestamp fragment across the 32 bit boundary (within a page) and worse the signature across 3 whole pages already. While in practice this probably wouldn't affect much it makes it harder to understand/read I think. My concern, is that we are broadcasting over Bluetooth. There are 5 pages to the authentication message (from my understanding of the new standard). If we lose any one page it is most likely going to be a signature page (as it spans 3 whole pages) and there will be no way to achieve that which this format is intended for without the full signature. Perhaps the payload section that Bob marked in (and fills the final page of the authentication message) should be some sort of error correction on the signature? The second version I think is unattainable in the new format, unless someone here can defy the laws of physics and make numbers smaller than they actually are thus allowing more to fit within the 109 byte constrain of the message format. Questions, comments, concerns? On Fri, Sep 27, 2019 at 12:40 PM Robert Moskowitz <rgm@labs.htt-consult.com> wrote: > And here is something I have been working on as condensed proof of HHIT > ownership objects that can be put into the auth messages. I have not > done that yet, like Adam has: > > <figure> > <artwork> > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | HHIT | > | | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | TIMESTAMP | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | HHIT | > | SIG | > . . > . . > . . > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > / PAYLOAD / > / / > / +-------------------------------+ > / | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > HHIT 16 byte HHIT of EdDSA25519 HI > TIMESTAMP 4 byte packet trust until timestamp > HHIT SIG 64 byte Signature of whole packet > PAYLOAD 0 to n bytes of payload > Length 84 + n bytes > </artwork> > </figure> > <figure> > <artwork> > 0 1 2 3 > 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | DEV HHIT | > | | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | TIMESTAMP | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | DEV HHIT | > | SIG | > . . > . . > . . > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | DEV HI | > | | > | | > | | > | | > | | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | AUTH TIMESTAMP | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | AUTH HHIT | > | | > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > | | > | AUTH | > | SIG | > . . > . . > . . > | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > / PAYLOAD / > / / > / +-------------------------------+ > / | | > +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ > > DEV HHIT 16 byte Dev HHIT of EdDSA25519 HI > TIMESTAMP 4 byte packet trust until timestamp > DEV HHIT SIG 64 byte Signature of whole packet > DEV HI 32 byte Device HI of EdDSA25519 HI > AUTH TIMESTAMP 4 byte Dev HHIT trust until timestamp > AUTH HHIT 16 byte Authorizer's HHIT of EdDSA25519 HI > AUTH SIG 64 byte Signature of Device HHIT-HI > PAYLOAD 0 to n bytes of payload > Length 200 + n bytes > </artwork> > </figure> > > | Type | Length | > > -- > Tm-rid mailing list > Tm-rid@ietf.org > https://www.ietf.org/mailman/listinfo/tm-rid > -- 73's, Adam T. Wiethuechter
- [Tm-rid] HHIT trust proof for Auth messages Robert Moskowitz
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam
- Re: [Tm-rid] HHIT trust proof for Auth messages Michael Richardson
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam
- Re: [Tm-rid] HHIT trust proof for Auth messages Robert Moskowitz
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam
- Re: [Tm-rid] HHIT trust proof for Auth messages Card, Stu
- Re: [Tm-rid] HHIT trust proof for Auth messages Robert Moskowitz
- Re: [Tm-rid] HHIT trust proof for Auth messages Michael Richardson
- Re: [Tm-rid] HHIT trust proof for Auth messages Robert Moskowitz
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam
- Re: [Tm-rid] HHIT trust proof for Auth messages Michael Richardson
- Re: [Tm-rid] HHIT trust proof for Auth messages Wiethuechter, Adam